Windows 7 Forums



Windows 7: Always getting this error on startup

24 Jul 2013   #11
vgchat

Windows 7 Ultimate x64
 
 

I installed MB, and a few seconds after startup it caught this. It looks like the virus keeps popping back up.

Code:
2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Starting protection
2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Protection started successfully
2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Starting IP protection
2013/07/24 11:31:55 -0600	AVALANCH-PC	avalanch	MESSAGE	IP Protection started successfully
2013/07/24 11:32:02 -0600	AVALANCH-PC	avalanch	DETECTION	G:\Users\avalanch\AppData\Local\Temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:33:24 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:33:24 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
2013/07/24 11:38:19 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:38:19 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
2013/07/24 11:39:10 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:39:10 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
2013/07/24 11:39:14 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:39:14 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2

I have yet to do a full scan or run the roguekiller but the full scan is in progress right now.


24 Jul 2013   #12
vgchat

Windows 7 Ultimate x64
 
 

Here are the mbam results:

Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
avalanch :: AVALANCH-PC [administrator]

Protection: Enabled

7/24/2013 12:18:15 PM
mbam-log-2013-07-24 (12-18-15).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 611690
Time elapsed: 1 hour(s), 10 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|chrome (Trojan.Agent) -> Data: "G:\Users\avalanch\AppData\Roaming\chrome\chrome.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
G:\Users\avalanch\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 11
E:\SRS Audio Sandbox 1.10.2.0.rar (Trojan.Dropper.PGen) -> No action taken.
E:\Downloads\chromepass.zip (PUP.ChromePasswordTool) -> No action taken.
E:\Downloads\chromepass\ChromePass.exe (PUP.ChromePasswordTool) -> No action taken.
E:\Downloads\WPE PRO - modified.zip (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.
E:\Downloads\WPE PRO - modified\WpeSpy.dll (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.

G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-20-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-21-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-22-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-23-3.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)
24 Jul 2013   #13
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Restart the PC and run RogueKiller.

24 Jul 2013   #14
vgchat

Windows 7 Ultimate x64
 
 

Alright, I restarted & ran the RK tool and here are its results.

Code:
RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : avalanch [Admin rights]
Mode : Scan -- Date : 07/24/2013 14:33:13
| ARK || FAK || MBR |

 Bad processes : 0 

 Registry Entries : 2 
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

 Scheduled tasks : 0 

 Startup Entries : 0 

 Web browsers : 0 

 Particular Files / Folders: 

 Driver : [NOT LOADED 0x0] 

 External Hives: 

 Infection :  

 HOSTS File: 
--> %SystemRoot%\System32\drivers\etc\hosts


[...]


 MBR Check: 

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 19aac6d6358a31638193da1e58b3a80f
[BSP] 824b93df78cb5d2a69c81aec1266ca81 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 9539fd94bddbffda9395ae3323c8ba30
[BSP] e4c948cba6d734b778c663230ff4e8d3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953716 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 5670f7dab435709844937a658dce92cc
[BSP] c362c2fb01507bdde3712e595625b8c5 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 7a184e6949a725c54af869a717e79537
[BSP] d583239bfca040b83921c79615c2cf29 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07242013_143313.txt >>
24 Jul 2013   #15
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Change your passwords on a non-infected PC. Are you still getting that pop-up?
24 Jul 2013   #16
vgchat

Windows 7 Ultimate x64
 
 

No, the popup hasn't been showing after that.